Educause Security Discussion mailing list archives
Re: Cisco Clean Access & Impulse Point...
From: Lee Weers <weersl () CENTRAL EDU>
Date: Tue, 19 Jul 2005 14:23:38 -0500
As far as a cost justification, we approached it as a security problem. Last year we were unplugging entire residence halls from the network for a few days to get machines cleaned. The year before that they were unplugging portions of the entire network. The choice was either implement something or force all the students to stand in line while we check their machine individually. Overall the Bradford was a little more expensive when comparing just securing just the resnet, but when considering securing your entire network for no additional charge it came out to be much more cost effective than the prices listed below. And annual maintenance was lower also. It is about 15% of what you paid, and not list. -----Original Message----- From: Doug Sandford [mailto:dsandfor () SEEBECK UA EDU] Sent: Tuesday, July 19, 2005 2:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... I certainly appreciate the importance of the product and the functionality. What I'm curious about is how schools with 25k + users justified the cost? Educational price breaks aside, it still sounds like a chunk of money....any comments? Forwarded by: dsandfor () seebeck ua edu Forwarded to: doug () bama ua edu Date forwarded: Tue, 19 Jul 2005 8:51:29 -0500 Date sent: Tue, 19 Jul 2005 09:49:53 -0400 Send reply to: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> From: "Gibbs, Aaron M." <AMGibbs () ST-AUG EDU> Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... To: SECURITY () LISTSERV EDUCAUSE EDU Impulse Point pricing is based on the number of users. $27,500 for < 1000 users and $32,000 for < 2500. Annual maintenance charges are 20% of the original purchase cost. Aaron M Gibbs Interim Vice President/CIO Center for Information Technology St. Augustine's College 919-516-4379 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu -----Original Message----- From: Schmitt, Dianne [mailto:dschmitt () JJC EDU] Sent: Friday, July 15, 2005 5:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... What pricing do they offer, better than Clean Access? Dianne Schmitt Assoc VP Information Technology Joliet Junior College 1215 Houbolt Rd. Joliet, IL 60431-8938 Phone: 815.280.6641 Fax: 815.280.2668 _____ From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU] Sent: Thursday, July 14, 2005 4:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... We're looking at implementing Impulses device. We looked at the Bradford Campus Manager, which has great functionality. However, Impulse Point also has great functionality that is similar to the Campus Manager coupled with a good price point. I'd be interested also in knowing others experiences with Impulse Point. Aaron M Gibbs Interim Vice President/CIO Center for Information Technology St. Augustine's College 919-516-4379 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu -----Original Message----- From: Michael Cole [mailto:mcole () CLARKU EDU] Sent: Thursday, July 14, 2005 3:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco Clean Access & Impulse Point... FYI for the list: We've been using a product called Campus Manager to the past few years from Bradford networks, www.bradfordnetworks.com they're a small start up in NH but they've been growing and have an awesome product that sits off line and is very flexible in what it can do based on what you want/need. It does both network registration and remediation/quarantine functions. It's worth looking into if your looking for a solution. We've been very happy with it. Mike Michael A. Cole Network Engineer, Information Technology Services Clark University, Worcester MA 01610 508.793.7772 Mcole () clarku edu -----Original Message----- From: Mark Staples [mailto:mstaples () MAIL MCG EDU] Sent: Thursday, July 14, 2005 3:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Cisco Clean Access & Impulse Point... Anyone pilot both CCA and Impulse Point ( http://www.impulse.com/)? Impulse Point was designed for higher ed and is priced very attractively. So far, we've only seen presentations and nothing live. Any feedback would be great. Mark ----- Mark Staples Director of Information Security/Chief Information Security Officer IT Research Liaison Medical College of Georgia Office: 706-721-1577 mstaples () mcg edu -------- All information in the communication, including attachments, is strictly confidential and intended solely for delivery to the addressee(s) identified above (ie, To/cc/bc), and may contain privileged, confidential, proprietary and /or intellectual property entitled to protection from disclosure under applicable law. If you are not the intended recipient, please take note that any use, distribution or copying of this communication is unauthorized and may be unlawful. If you have received this communicatierror, please notify the sender, delete this correspondence from your computer, and destroy any printed copies of this communication.
franklin () TXSTATE EDU 07/14/05 3:13 PM >>>
This is a response from our network lead who implemented CCA a month or so ago: I got tired of trying to keep up with the IP's used for windows update. Using the host names is much better, but even then it's a moving target. Microsoft sometimes adds new sub domains and in the latest version of the update page it's a url under microsoft.com. We are allowing traffic to everything ending in microsoft.com and g.msn.com. That way the updates always work (so far) and students can search for and download patches manually. There are cases when windows update claims that a machine is fully patched but it is still missing something. The helpdesk can tell what's missing from the reports and the student can search for KBxxxx and download and install it manually. Anders Engle Systems Programmer I Texas State University -----Original Message----- From: Flagg, Martin D. [ mailto:FlaggMD () HIRAM EDU] <mailto:FlaggMD () HIRAM EDU%5d> Sent: Thursday, July 14, 2005 1:13 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Windows Updates and Cisco Clean Access We are implementing Cisco Clean Access (formally Perfigo). It has gone really well but we keep coming up with problems with Windows Update, it fails because CCA is blocking the IP. When this happens, I use a sniffer and add the new IP address that Microsoft is using and then it works, until they change address's again. Cisco says use the Host setting allowing requests that end in "update.microsoft.com". This does not always work. I am really at a loss because it works for 95% of the machines but I can not afford to have 5% of the students in my office when they get back from the summer. Any Ideas? Martin Flagg Hiram College Doug Sandford Information Security Officer University of Alabama Seebeck Computer Center doug () ua edu This email is intended only for the person to whom it is addressed. Any review or other use of this information by persons or entities other than the intended recipient or any retransmission without the consent of the sender is prohibited.
Current thread:
- Re: Cisco Clean Access & Impulse Point..., (continued)
- Re: Cisco Clean Access & Impulse Point... Chad McDonald (Jul 14)
- Re: Cisco Clean Access & Impulse Point... Gibbs, Aaron M. (Jul 14)
- Re: Cisco Clean Access & Impulse Point... Schmitt, Dianne (Jul 15)
- Re: Cisco Clean Access & Impulse Point... Dave Koontz (Jul 17)
- Re: Cisco Clean Access & Impulse Point... chad.mcdonald () gcsu edu (Jul 17)
- Re: Cisco Clean Access & Impulse Point... Michael Grinnell (Jul 18)
- Re: Cisco Clean Access & Impulse Point... Atif Azim (atif) (Jul 18)
- Re: Cisco Clean Access & Impulse Point... Gibbs, Aaron M. (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Dave Koontz (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Doug Sandford (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Lee Weers (Jul 19)
- Re: Cisco Clean Access & Impulse Point... Chad McDonald (Jul 19)
- Re: Cisco Clean Access & Impulse Point... WILLIAM I. ARNOLD (Jul 20)
- Re: Cisco Clean Access & Impulse Point... George (Jul 20)
- Re: Cisco Clean Access & Impulse Point... John Stauffacher (Aug 26)